[Downtime] 28th December 2002


Koolvin

Since 27th of December KDA have been under a sustained DOS attack. This attack has been aimed at our main webserver and brought our UK operations to a standstill. Usually a sustained attack will last no more than 8 hours; unfortunately the magnitude of this one has seen it last 30 hours. At 8:30am on the 27th we were alerted to a slowdown in access to the server; this was minutes after the attack began. Shortly afterwards our monitoring service informed us of a peak of traffic directed at our IP subnet. At this point the traffic was peaking at 200mbit a second; shortly afterwards the traffic hit 800mbit a second. This level of traffic in a DDOS attack is unheard of. It was totally over the top; it was basically like someone sending us 8gigabytes of data every minute. The traffic was so immense it knocked out Claranet's dialup, ADSL and leased line customers throughout the UK. The attackers also managed to cause an outage on 2 gigabit transatlantic links.

As you can imagine, a lot of our upstream providers were very annoyed and part of their solution was to put a block on all traffic coming to KDA; unfortunately this meant loss of access for all our clients. This morning we managed to bring our mail servers online but our web server was still blocked as we still had 32mbit of traffic attempting to hit it from upstream. The people who did this were very sophisticated; they knew what they were doing and it was their aim to keep our server offline for as long as possible. At the moment all blocks have been removed and we are working with several ISPs to block the remaining traffic from hitting our network.

We apologise for this outage and we hope that you understand we are doing our best to restore your normal service.
 
From home, using my broadband link, I cannot get to the pages at all and haven't been able to see MBclub since the flood attack.

Everything else seems fine but MBClub. I can't even ping it from home! (217.158.168.16)

However, if I tunnel into work (from home) and then go out through the proxy at work, I can see it. I can only conclude that either Blueyonder are still blocking packets to and from your ISP or their transparent cache needs refreshing.

Waddya reckon Koolvin, should I give them hell? Personally I reckon that the helpdesk bod wouldn't know wtf I am talking about and I would be wasting my time.
 
Sp!ke, you still having probs? Can you paste the details of a trace here?
 
(Through Work)
Tracing route to www.mbclub.co.uk [217.158.168.16] over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms cer5302-v2.eu.???.com [193.36.##.###]
2 <10 ms <10 ms <10 ms 192.168.1.???
3 <10 ms * <10 ms ukspkw1701.eu.???.com [195.152.127.###]
4 <10 ms <10 ms <10 ms 195.152.127.###
5 <10 ms 16 ms <10 ms lf-1.LDN5.psie.net [154.32.26.1]
6 <10 ms 16 ms <10 ms msc-1.LDN5.psie.net [154.32.255.1]
7 <10 ms 16 ms <10 ms tier1-1.LDN2.psie.net [154.14.66.1]
8 <10 ms 16 ms <10 ms ge-0-0-0-telee-peleg.router.clara.net [195.66.224.66]
9 15 ms <10 ms 16 ms fe-4-0-redbus2-pequod.router.clara.net [195.8.68.185]
10 <10 ms 15 ms 16 ms fe-4-0-0.nacelle.router.ultraspeed.net [217.158.99.57]
11 <10 ms 15 ms 16 ms 217.158.168.16

(Through BY)
Tracing route to 217.158.168.16 over a maximum of 30 hops

1 11 ms 15 ms 9 ms 10.88.64.1
2 16 ms 10 ms 11 ms gsr01-nm.blueyonder.co.uk [62.30.112.129]
3 11 ms 10 ms 10 ms 172.18.10.33
4 20 ms 13 ms 14 ms tele1-cro-pos.telewest.net [194.117.136.34]
5 11 ms 13 ms 12 ms ge21-uk-gw3.cableinet.net [194.117.140.6]
6 12 ms 13 ms 13 ms ge-5-0-0-10-telen-starbuck.router.clara.net [195.8.68.133]
7 14 ms 17 ms 12 ms ge-1-0-0-telee-peleg.router.clara.net [213.253.16.65]
8 * * * Request timed out.
9 * * ge-1-0-0-telee-peleg.router.clara.net [213.253.16.65] reports: Destination net unreachable.
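
An added example, not part of any post in this thread: a small Python parser for Windows tracert output that reports whether the target answered and, if not, which router responded last and what error it returned. The sample input is the final hops of the two traces above, rejoined onto one line each; the function and variable names are assumptions of this example.

```python
import re

TARGET = "217.158.168.16"

# Final hops of the two traces posted above (wrapped lines rejoined).
VIA_WORK = """\
 8 <10 ms 16 ms <10 ms ge-0-0-0-telee-peleg.router.clara.net [195.66.224.66]
 9 15 ms <10 ms 16 ms fe-4-0-redbus2-pequod.router.clara.net [195.8.68.185]
10 <10 ms 15 ms 16 ms fe-4-0-0.nacelle.router.ultraspeed.net [217.158.99.57]
11 <10 ms 15 ms 16 ms 217.158.168.16
"""
VIA_BY = """\
 6 12 ms 13 ms 13 ms ge-5-0-0-10-telen-starbuck.router.clara.net [195.8.68.133]
 7 14 ms 17 ms 12 ms ge-1-0-0-telee-peleg.router.clara.net [213.253.16.65]
 8 * * * Request timed out.
 9 * * ge-1-0-0-telee-peleg.router.clara.net [213.253.16.65] reports: Destination net unreachable.
"""

# Hop number, then one to three probe results ("<10 ms", "15 ms" or "*"), then the rest.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){1,3})(.*)$")
IPV4 = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

def parse_trace(text):
    """Return one dict per hop line: ttl, responder name/ip, ICMP error text."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        rest, _, error = m.group(3).partition(" reports: ")
        ip = IPV4.search(rest)  # None for "Request timed out."
        hops.append({
            "ttl": int(m.group(1)),
            "name": rest.split()[0] if ip else None,
            "ip": ip.group(1) if ip else None,
            "error": error.rstrip(". ") or None,
        })
    return hops

def diagnose(text, target):
    """Say whether the target answered, and who spoke last if it did not."""
    answered = [h for h in parse_trace(text) if h["ip"]]
    last = answered[-1] if answered else None
    return {
        "reached": bool(last) and last["ip"] == target and not last["error"],
        "last_responder": last["name"] if last else None,
        "error": last["error"] if last else None,
    }
```

Run over the second trace, `diagnose(VIA_BY, TARGET)` names the clara.net router that returned the unreachable message, which is the hop to quote when reporting the fault.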
 
